Privacy Policy — BCeph | Cephalometric Analysis Software

01 Introduction

🖼️

Images are local

X-ray files are stored in your browser's IndexedDB only. They are never uploaded to any server.

☁️

Analysis data syncs to Firebase

Landmark coordinates, measurements, and any patient identifiers you enter are stored on Google Firestore. BCeph does not currently hold a HIPAA BAA. Use anonymised case IDs — not real patient names.

BCeph ("we," "our," or "us") is a free browser-based cephalometric analysis tool developed by Bayan Healthcare Analytics. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use BCeph at bceph.com.

Please read this policy carefully. By accessing or using BCeph, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. Questions? Contact us at team@bceph.com.

02 Information We Collect

2.1 Information you provide

Data category	Examples	Where it is stored	Purpose
Account information	Name, email, profile photo (via Google Sign-In)	Firebase Auth	Authentication and account management
Analysis data	Landmark coordinates, measurements, case metadata, patient identifiers you enter	Firebase Firestore	Persisting your work across sessions and devices
Radiographic images	Lateral cephalogram files you upload	Local IndexedDB only	On-device image rendering — never transmitted

⚠ Important for HIPAA-covered practices: BCeph does not currently hold a Business Associate Agreement (BAA) with Google Firebase. Do not enter real patient names, dates of birth, or other protected health information into fields that sync to Firestore. Use anonymised case reference numbers instead.

2.2 Information collected automatically

When you use BCeph, we automatically collect limited technical data through Firebase Analytics:

→Usage data: Feature interactions, session duration, error events
→Device information: Browser type, operating system, screen resolution
→Analytics events: Tracked via Firebase Analytics (Measurement ID: G-7S73KJYE43)

Note: Radiographic images are explicitly excluded from all automatic data collection. They remain in browser-local IndexedDB and are never included in Firebase Analytics payloads.

2.3 Information we do not collect

BCeph does not collect payment information (BCeph is free). We do not collect professional licence numbers, practice management data, or any information beyond what is described above.

03 How We Use Your Information

Service delivery

To provide, maintain, and improve BCeph's cephalometric analysis features across sessions and devices.

Authentication

To verify your identity via Google Sign-In and associate saved analyses with your account.

Communication

To send service updates, security notices, and support responses when you contact us.

Analytics

To understand aggregate usage patterns and prioritise feature development. No imaging data is involved.

Security

To detect abuse, protect against fraud, and ensure the integrity of the application.

Compliance

To meet applicable legal obligations and respond to lawful requests from authorities.

We do not use any collected data for advertising, marketing profiling, or sale to third parties.

04 How We Share Your Information

We do not sell your personal information. We may share limited information only in the circumstances below.

Recipient	Information shared	Purpose
Google / Firebase	Account info (Auth), analysis data and case metadata (Firestore), usage events (Analytics)	Authentication, cloud sync, usage analytics
Legal authorities	As required by applicable law	Legal compliance, court orders, lawful requests
Business transfers	User data relevant to the transfer	In the event of a merger, acquisition, or asset sale
With your consent	As specified at the time of consent	At your explicit direction

⚠ No BAA is in place: BCeph does not currently hold a HIPAA Business Associate Agreement with Google Firebase. Analysis metadata stored in Firestore is processed under Google's standard Firebase Terms of Service, not a healthcare-specific agreement. HIPAA-covered practices should use anonymised case IDs for all Firestore-stored fields.

05 Data Security

We implement layered security measures across BCeph's architecture:

✓Local image storage: X-ray images are stored in IndexedDB on your device — they never traverse the network
✓Encrypted transit: All data transmitted between your browser and Firebase uses TLS 1.2+
✓Firestore security rules: Analysis data is scoped per authenticated user — no cross-user data access is possible
✓Google authentication: BCeph uses Google Sign-In — no passwords are stored or managed by BCeph directly
✓Client-side calculations: All cephalometric computations run in your browser — no analysis processing occurs on a BCeph server
✓Backup / restore: The export feature produces a local JSON file saved directly to your device — no cloud intermediary
⚠Firestore analysis metadata: Landmark data, measurements, and any case identifiers you enter are encrypted in transit and stored in Firebase Firestore under your authenticated account — subject to Google's infrastructure, not a healthcare-specific BAA

While we implement robust security measures, no method of electronic storage or internet transmission is 100% secure. We cannot guarantee absolute security of data transmitted over the internet.

06 Data Retention

We retain your information only as long as necessary for the purposes outlined in this policy.

Data type	Retention period	Notes
Account data	While account is active + 90 days	You may request deletion at any time
Firestore analysis data	While account is active	Deleted upon account deletion request
Radiographic images	Controlled entirely by you	Stored in local IndexedDB — cleared when you delete a patient or clear browser data
Firebase Analytics	14 months (Google default)	Aggregate, anonymised event data only

You may request deletion of your account and associated Firestore data at any time by contacting us. We will comply unless retention is required for legal obligations.

07 Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

Access & portability

Request a copy of your account and Firestore analysis data in a machine-readable format.

Correction

Request correction of inaccurate or incomplete personal information we hold.

Deletion

Request deletion of your account and all associated Firestore data.

Restriction

Request we restrict processing of your data in certain circumstances.

Objection

Object to processing based on legitimate interests where applicable.

Withdraw consent

Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact the BCeph team. We will respond within 30 days.

08 Children's Privacy

BCeph is a clinical tool intended for use by licensed healthcare professionals and students under professional supervision. It is not directed at children under 18 as end users of the application.

We do not knowingly collect personal information from individuals under the age of 18. If you believe your child has created a BCeph account, please contact us immediately and we will remove the account and associated data.

Patient records within BCeph may include records for paediatric patients in orthodontic care. X-ray images for such patients remain entirely on your local device; any case metadata entered into Firestore is governed by the data handling guidance in Sections 2 and 4.

09 Changes to This Policy

We may update this Privacy Policy as BCeph evolves — including if a formal HIPAA BAA arrangement is established in a future version. We will notify you of material changes by:

→Posting the updated policy on this page with a revised "Last updated" date
→Sending an email notification to registered users for significant changes
→Displaying a notice within the BCeph application at next login

Your continued use of BCeph after any changes constitutes acceptance of the updated terms.

Questions about this policy?
Reach the BCeph team at team@bceph.com. We aim to respond within 2 business days.